Art Unit: 2137

Remarks 

Claims 1-23 are pending. 



Claim Rejections - 35 USC § 101 

35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or 
composition of matter, or any new and useful improvement thereof, may obtain a patent
therefor, subject to the conditions and requirements of this title. 

1. Claims 22-23 are rejected under 35 U.S.C. 101 because a "computer-readable
medium" is defined in the specification as being both physical media
and signals. When claims 22-23 are stored on a physical media (e.g. CD-ROM) 
and executed by a processor, they are statutory, however when they are 
embodied in a carrier wave, they are not statutory. Clarification of these claims 
as being on a physical medium and executed by a processor is required. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102
that form the basis for the rejections under this section made in this
Office action:

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in 
public use or on sale in this country, more than one year prior to the date of application for patent in 
the United States. 

2. Claims 1-6, 9, 10, and 12-21 are rejected under 35 U.S.C. 102(b) as being 
anticipated by Funk (PAUL FUNK; Simon Blake Wilson; "draft-ietf-pppext-eap-ttls-02.txt:
EAP Tunneled TLS Authentication Protocol (EAP-TTLS)"; Internet-Draft
PPPEXT Working Group; 30 Nov. 2002, pp. 1-40).
Regarding Claim 1, 

Funk discloses a method of authenticating communication 
between a first and a second party, the method comprising: 

Provisioning a first secure credential between the first party 
and the second party (Pages 11-13, sections 6-6.2);

Establishing a secure tunnel between the first party and the 
second party using the first secure credential (Pages 11-13, 
sections 6-6.2); 

Authenticating a relationship between the first party and the 
second party within the secure tunnel using a second secure 
credential to establish an authorization policy (Pages 11-13, 
sections 6-6.2); and 

Distributing an update to one of the first secure credential 
and the second secure credential within the secure tunnel to update 
the authorization policy (Pages 14-15, section 6.4-6.4.1). 
Regarding Claim 17, 

Claim 17 is a system claim that corresponds to method claim 
1 and is rejected for the same reasons. 
Regarding Claim 2, 

Funk discloses protecting termination of the authenticated 
communication by use of a tunnel encryption and authentication to 
protect against a denial of service by an unauthorized user (Pages
9-15, sections 4.3-6.4). 
Regarding Claim 3, 

Funk discloses that the step of provisioning occurs within a 
wired implementation (Pages 4-5, section 2). 
Regarding Claim 19, 

Claim 19 is a system claim that corresponds to method claim
3 and is rejected for the same reasons.
Regarding Claim 4, 

Funk discloses that the step of provisioning occurs within a 
wireless implementation (Pages 4-5, section 2). 
Regarding Claim 18, 

Claim 18 is a system claim that corresponds to method claim
4 and is rejected for the same reasons.
Regarding Claim 5, 

Funk discloses that the first secure credential is a protected 
access credential (Pages 11-13, sections 6-6.2).
Regarding Claim 20, 

Claim 20 is a system claim that corresponds to method claim
5 and is rejected for the same reasons.
Regarding Claim 6, 

Funk discloses that the protected access credential includes 
a protected access credential key (Pages 11-16, sections 6-7). 
Regarding Claim 9,

Funk discloses that the protected access credential includes 
a protected access credential opaque element (Pages 3-4, section
1; and Pages 10-13, sections 5-6.2).
Regarding Claim 10, 

Funk discloses that the protected access credential includes 
a protected access credential information element (Pages 11-13, 
sections 6-6.2). 
Regarding Claim 12, 

Funk discloses that the step of provisioning occurs through 
in-band mechanisms (Pages 11-13, sections 6-6.2). 
Regarding Claim 13, 

Funk discloses that the step of establishing the secure 
tunnel includes the step of establishing a tunnel key using a 
symmetric cryptographic technique (Pages 11-13, sections 6-6.2). 
Regarding Claim 14, 

Funk discloses that the step of establishing a tunnel key 
further includes the step of establishing a session key seed to be 
used in protecting integrity of the secure tunnel and establishing a 
master session key (Pages 11-16, sections 6-7). 
Regarding Claim 15, 

Funk discloses that the step of authenticating is performed 
using EAP-GTC (Pages 21-22, section 10.2.1). 
Regarding Claim 16,

Funk discloses that the step of authenticating is performed 
using MS-CHAP v2 (Pages 23-24, section 10.2.4). 
Regarding Claim 21, 

Funk discloses that the wireless network is an 802.11
wireless network (Pages 4-5, section 2). 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described 
as set forth in section 102 of this title, if the differences between the subject matter sought to
be patented and the prior art are such that the subject matter as a whole would have been 
obvious at the time the invention was made to a person having ordinary skill in the art to which 
said subject matter pertains. Patentability shall not be negatived by the manner in which the 
invention was made. 

3. Claims 5-11, 20, 22, and 23 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Funk in view of Schneier (Schneier, Bruce, "Applied 
Cryptography", second edition, 1996, pp. 151-157, and 566-571). 
Regarding Claim 5, 

Funk may not disclose that the first secure credential is a 
protected access credential. 

Schneier, however, discloses that the first secure credential 
is a protected access credential (Pages 566-571, section 24.5). It 
would have been obvious to one of ordinary skill in the art at the 
time of applicant's invention to incorporate the Kerberos 
authentication protocol of Schneier into the EAP-TTLS system of
Funk in order to provide a trusted party which creates shared secret 
information used for encryption and decryption between two 
entities, and to distribute such information to the entities in such a 
way as to provide authentication of the entities and the trusted 
party. 

Regarding Claim 20, 

Claim 20 is a system claim that corresponds to method claim 
5 and is rejected for the same reasons. 

Regarding Claim 6, 

Schneier discloses that the protected access credential 
includes a protected access credential key (Pages 566-571, section
24.5). 

Regarding Claim 7, 

Schneier discloses that the protected access credential key 
is a strong entropy key (Pages 566-571, section 24.5). 

Regarding Claim 8, 

Funk as modified by Schneier discloses the method of claim 
7, in addition, Schneier discloses that the entropy key is a 32-octet 
key (Pages 151-158, section 7.1). It would have been obvious to 
one of ordinary skill in the art at the time of applicant's invention to 
incorporate the key length of Schneier into the EAP-TTLS system 
of Funk as modified by Schneier in order to provide a strong 
symmetric key that is very difficult to break, thus further securing
the system. 
Regarding Claim 9, 

Schneier discloses that the protected access credential 
includes a protected access credential opaque element (Pages 
566-571, section 24.5). 
Regarding Claim 10, 

Schneier discloses that the protected access credential 
includes a protected access credential information element (Pages 
566-571, section 24.5). 
Regarding Claim 11, 

Funk does not disclose that the step of provisioning occurs 
through out-of-band mechanisms. 

Schneier, however, discloses that the step of provisioning 
occurs through out-of-band mechanisms (Pages 566-571, section
24.5). It would have been obvious to one of ordinary skill in the art 
at the time of applicant's invention to incorporate the Kerberos 
authentication protocol of Schneier into the EAP-TTLS system of 
Funk in order to provide a trusted party which creates shared secret 
information used for encryption and decryption between two 
entities, and to distribute such information to the entities in such a 
way as to provide authentication of the entities and the trusted 
party. 
Regarding Claim 22,

Funk discloses an article of manufacture embodied in a 
computer readable medium for use in a processing system for 
communicating via a network, the article comprising: 

A provisioning logic for causing the processing system to 
establish a credential between a first party and a second party 
(Pages 11-13, sections 6-6.2); 

A tunnel establishment logic for causing the processing 
system to establish a secure tunnel based upon the credential 
(Pages 11-13, sections 6-6.2); 

An authentication logic for causing the processing system to 
authenticate a communication link between the first and the second 
party within the secure tunnel based upon a secure credential 
(Pages 11-13, sections 6-6.2); 

A second provisioning logic for causing the processing 
system to provision an access (Abstract; Pages 5-8, section 3; and 
Pages 11-13, sections 6-6.2); and 

A delivery logic for causing the processing system to deliver 
an update to one of the credential and the secure credential via the 
network (Pages 14-15, section 6.4-6.4.1); 

But does not explicitly disclose that the credential is a shared secret.

Schneier, however, discloses that the credential is a shared
secret (Pages 566-571, section 24.5). It would have been obvious 
to one of ordinary skill in the art at the time of applicant's invention 
to incorporate the Kerberos authentication protocol of Schneier into 
the EAP-TTLS system of Funk in order to provide a trusted party 
which creates shared secret information used for encryption and 
decryption between two entities, and to distribute such information 
to the entities in such a way as to provide authentication of the 
entities and the trusted party. 
Regarding Claim 23, 

Funk as modified by Schneier discloses the article of 
manufacture of claim 22, in addition, Funk discloses that the tunnel 
establishment logic further includes a key generation logic for 
causing the processing system to generate a secure key for 
encrypting and signing a communication between the first party and 
the second party (Pages 11-16, sections 6-7; and Pages 36-37, 
section 14). 

Conclusion 

Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to Jeffrey D. Popham whose telephone number 
is (571)-272-7215. The examiner can normally be reached on M-F 9:00-5:30. 
If attempts to reach the examiner by telephone are unsuccessful, the
examiner's supervisor, Emmanuel Moise can be reached on (571)272-3865. The 
fax phone number for the organization where this application or proceeding is 
assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from 
the Patent Application Information Retrieval (PAIR) system. Status information 
for published applications may be obtained from either Private PAIR or Public 
PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see
http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR
system, contact the Electronic Business Center (EBC) at 866-217-9197
(toll-free). If you would like assistance from a USPTO Customer Service
Representative or access to the automated information system, call
800-786-9199 (IN USA OR CANADA) or 571-272-1000.

Jeffrey D Popham 

Examiner 

Art Unit 2137 